�鶹������ý

The Trump Administration’s Department of Government Efficiency (DOGE), a , has to sensitive agency data and led . Headed by tech executive Elon Musk, DOGE’s “move fast, break things” threatens to do just that: quickly break critical U.S. technical infrastructure. By trying to seize control of federal digital systems, DOGE is undermining U.S. cybersecurity efforts and endangering national security.

Over the past two months, DOGE has quickly embedded itself across government agencies. Despite failing to the of its actions, one thing is clear: DOGE has gained sweeping access to millions of Americans’ sensitive, personal information held by government systems. While laws and regulations protect this data, reveal DOGE’s likely violation of these protections and negligent security practices.

claim DOGE is violating , such as the . Finding sufficient evidence of these violations, courts have temporarily of DOGE’s infringement into databases. At the same time, reports from inside the agencies raise alarms over activities that could compromise data security. For example, DOGE’s use of an to connect to government networks at the Office of Personnel Management (OPM) prompted a lawsuit. At the Department of Labor, employees flagged DOGE for remote-access and file-transfer software as a potential security risk for the dozens of agency databases holding personally identifiable information. At the and the , DOGE employees gained the ability to not only view but also modify systems. One DOGE employee was even mistakenly granted such “” privileges on a Treasury Department payment system. Court documents also that a DOGE employee sent unencrypted personal data to administration officials—a move that directly violates department policies. The reported use of raises more concerns about how DOGE is accessing and using Americans’ sensitive data. These security concerns are further compounded by DOGE employees’ access to government records without or .

DOGE’s efforts to gain unfettered back-end access to federal digital infrastructure threaten data privacy and may weaken digital systems’ integrity. Accessing, sharing, or processing data through insecure means and using unvetted personnel, software, or hardware bypasses established protocols and can create cybersecurity vulnerabilities. Further, the lack of transparency around DOGE actions can obscure new security risks. Any unknown or undocumented change to systems by DOGE can create confusion around which changes are authorized and which are not. Bad actors can exploit this ambiguity to steal or access government data, embed themselves into federal networks, or install malware—all in ways that may be more difficult to detect amidst the chaos surrounding DOGE. Without appropriate oversight, DOGE is actively increasing the risk of Americans’ personal data being exposed, breached, or politically misused.

Moreover, a confirmed fears of DOGE’s aim to centralize access to sensitive data. The EO requires agencies to provide “full and prompt access to all unclassified agency records, data, software systems, and information technology systems” to facilitate “sharing and consolidation” of data. While responsible data sharing is valuable, DOGE and the EO are doing the opposite. DOGE has flouted data privacy and security norms. Aggregating sensitive data into one place without the necessary protections makes misuse easier, dramatically increases vulnerabilities, and represents an especially appealing target for hackers seeking a wide range of government data.

The U.S. government’s digital infrastructure has been built over decades, with systems and processes changing slowly to fit the needs of the public sector. While modernization is needed, these systems require staff with institutional knowledge and experience to maintain functionality and security. Federal employees and contractors have been vetted and trained on government systems. They regularly issue updates, patch vulnerabilities, assess privacy risks, and monitor data leaks and breaches. But DOGE workforce cuts through and leave fewer people to successfully safeguard networks from attacks or train the next generation of federal cybersecurity professionals.

The overall loss of skilled technologists threatens to weaken and destabilize federal technical systems. If DOGE’s goal is to improve digital infrastructure, its actions don’t support that. DOGE has crippled the General Service Administration’s Technology Transformation Service—which leads government IT modernization efforts—by and its . Tasked with improving public-facing digital services across federal agencies, the 18F team helped design key U.S. systems like and . Similarly, the U.S. Digital Service, originally tasked with improving U.S. digital tools and services, was downsized after a January transformed the agency into the U.S. DOGE Service. A month later, 21 Digital Service employees over DOGE’s actions that “compromise core government systems, jeopardize American’s sensitive data, or dismantle critical public service.”

DOGE has also ushered in haphazard firings at agencies tasked with protecting national security. The Cybersecurity and Infrastructure Security Agency (CISA)—which protects critical infrastructure, defends against foreign cyber attacks, and oversees election safety—saw in its workforce, including staff who have in national cybersecurity and defend against Russian and Chinese hacks. Firings at , the , and even the , raise questions about DOGE’s impact on the government’s ability to maintain baseline security.

The dismantling of federal staff is deliberate. It weakens pushback against DOGE from experienced IT and cybersecurity professionals while creating openings to install staff who are more dedicated to DOGE. Such and can facilitate future incursions into agency networks by granting access to systems and their data. Furthering security risks, the employees that Elon Musk has so far entrusted to handle sensitive U.S. data have little work or government experience. Some seem to lack core competencies— their own website (doge.gov).

have made it clear: DOGE’s actions undermine U.S. national security by increasing cyber vulnerabilities. This comes at a time when U.S. federal agencies are experiencing an uptick in cyberattacks. A 2024 Office of Management and Budget (OMB) report (which the White House quietly from their website) found a in cyberattacks against federal agencies in FY2023.

Federal agencies are popular targets of foreign adversaries. Just last year, investigations revealed that groups linked to Chinese intelligence hacked and the . These breaches facilitated access to communications from high-profile individuals as well as . Similarly, in 2015, Chinese hackers stole nearly people’s personal information held by OPM. Russia also has a history of . In 2020, the Russian SolarWinds hack impacted , including the Department of Homeland Security, Department of Defense, and the Department of Justice.

DOGE’s actions create more openings for these types of attacks. Foreign adversaries can take advantage of failures in existing baseline protections, which are being undermined by DOGE’s disregard for privacy and security protocols. At the same time, any system changes by DOGE, especially undisclosed changes, can introduce new vulnerabilities that foreign adversaries can piggyback on to gain access to government databases. A diminished U.S. cyber talent pool is likely to face challenges in not only responding to the data risks that DOGE creates, but also defending against the cyberattacks that DOGE’s actions may invite.

DOGE is jeopardizing data privacy of Americans, hampering U.S. cybersecurity capabilities, and endangering U.S. national security. Members of Congress and policymakers should respond swiftly to these threats by curbing DOGE’s access to government systems and demanding transparency to fully assess the damage of DOGE’s actions. Time is of the essence; the status quo continues to put the United States and its residents at risk.

To discover what personal data DOGE has in hand, take our quiz.